scudette
commented
1 month ago Fixed by https://github.com/Velocidex/velociraptor/blob/master/artifacts/definitions/Server/Utils/TimesketchUpload.yaml which allows uploading to timesketch using the command line importer.
We should be able to parse the output of
Windows.KapeFiles.Targetsdirectly into elastic in a format that Time Sketch understandsCurrently people do this via moving the bulk data to another system and using plaso to parse the same data - we need to make this process smoother and faster (and also somewhat officially supported so it doesn't break in future).
This is also a good opportunity to officially support Time Sketch and investigate how to feed it data in the best way - maybe we can add a standard Velociraptor uploader?